I removed some characters of course to protect my information. Heres the thing, i don't use a credit card for my iTunes, i ALWAYS just buy gift cards and use it that way. It has all of the logos and images usually associated with an apple email. The sender is itunes@new.itunes.com my question is: is this a legitimate email or if i click on the links am i probably going to get taken for a ride? The thing is is that this email isn't even associated with my iTunes account, this is my work email. Whats the deal?

if this question is not on topic here, I'm fine with it getting migrated, I've never posted a question here and I'm not sure if it is within the scope of the site.

EDIT

I checked all of the links on the page and they all go to here: tomjames.comcastbiz.net/check.php

is it possible my computer could have gotten a virus from this email? I am seriously doubting the source of this email.

I contacted Apple support and this is what i got back:

John, many customers have recently reported they received a similar email. I'll be glad to provide as much information as I can. I've looked into this for you and found that neither the email nor its sender are affiliated with Apple. The email appears to be a phishing attempt, designed to trick users into visiting a website. Fortunately, the purchase indicated in the email is not a real charge. I've checked your account to be certain.

Thank you to everyone who helped me and gave me info! It helped when i was in freak out mode.

This is the reason I don't click on links contained in an email unless I am expecting the email to be sent by the company. The first thing I would have done is verify if the credit card was attached to my iTunes account and if it wasn't simply delete the email.
–
RamhoundJun 13 '12 at 16:12

3 Answers
3

As your edit shows, this was a phishing attempt by someone who controls:

tomjames.comcastbiz.net/check.php

Relax. They do not have your secret details (unless of course you went to their site and gave them more information) besides your name and email which probably isn't secret information. You do not have to do anything. You potentially could report the link to some anti-phishing sites or your email provider if you want; but sometimes its best to just ignore it.

Make sure you don't panic. Many phishing e-mails look authentic but are not. Your personal details might have been harvested from any number of places on the internet, so don't automatically assume that your identity has been stolen and do something rash.

This looks like a tell-tale phishing e-mail to me, and my best guess without seeing the links is that they'll lead you to a malicious website attempting to harvest your Apple ID. Don't click on them!

Call your credit card company and make them aware of the situation. They can then decide the course of action as to whether or not they think there is a threat and act accordingly. This is a mitigation step, and will help you rest easy at night.

As liviu pointed out, there are a few items in e-mail that would make me believe it was fake. You should check the headers of the e-mail and look it up in an Whois database to see who the IP is registered to.

It should be noted that SMTP, by nature, is not a very secure protocol in that "from" addresses can easily be spoofed to claim that they are coming from someone that they are not. Do an IP Whois lookup on the header from the e-mail and that will help determine where the email actually came from.

Contacting Apple may be worth while as well - if for no other reason that to simply make them aware that this is happening.

EDIT (in relation to question edit) : I would say it's unlikely that this e-mail contained a malicious payload, though not impossible. The attack vector here looks to be a link to a page designed to harvest your Apple ID information. If it makes you breathe easier, feel free to run a virus scan to ensure your computer is clean.

Edited my answer to reflect new information in the question.
–
DKNUCKLESJun 12 '12 at 20:49

Can you please recommend a virus scanner for me? i have a mac.
–
JohnJun 12 '12 at 20:51

@John - clamxav.com or iantivirus.com have both have free AV for os x. If you didn't download an attachment from the email and try running it/looking at it or go to their website and download or install something (including browser extensions), this is probably overly cautious. (Assuming your web browser is up to date and doesn't have new vulnerabilities that the attacker is aware of but the browser/extension people have patched yet).
–
dr jimbobJun 13 '12 at 3:46

@drjimbob thanks for the info, i did click on one of the links when i thought it was a legitimate email and it downloaded a program to my downloads folder and safari complained and told me not to run it. It was my first warning sign and i deleted it. I don't think it did anything to my system or installed any viruses.
–
JohnJun 13 '12 at 6:20

You said you suspected it's not right, when in doubt,..., better err on the cautious side.

As already advised, don't panic. This is one of the motivators exploited in those kinds of phishing email, to induce fear ("send this email to another 20 people or something bad will happen", "500$ have just been extracted from your account", curiosity - "see my summer vacation pics"..)